Mehdi A.
Intro to hardware security: UART access and SPI firmware extraction
This is an introduction to hardware security for beginners. I will show you how to connect to the Linux console of a TP-Link wireless router over UART, and how to dump its firmware from the SPI flash chip with an external programmer. My aim was to use the most affordable and accessible tools, so everyone can start without breaking the bank.
As promised in the video, here’s the list of tools that I used or mentioned:
The target: www.tp-link.com/us/home-networking/wifi-router/tl-wr841n/
The advanced UART adapter that I mentioned: www.crowdsupply.com/pylo/muart
Programmer I used to dump the firmware: github.com/boseji/CH341-Store
Software I used to dump the firmware: flashrom.org/Flashrom
Software used to extract the firmware contents: github.com/ReFirmLabs/binwalk
For the UART you can use any USB-UART adapter (sometimes called USB to TTL). I used an adapter based on a PL2303, but the FT232 is more common (the one with the 3.3/5 V switch was based on an FT232). Whichever you use, make sure it is set to 3.3 V: the router's UART is 3.3 V logic (check the TX pin against ground with a multimeter while the board is running), and driving it with a 5 V adapter can damage the board.
If you need more guides, check these out:
www.thezdi.com/blog/2019/9/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router
nvisium.com/blog/2019/08/07/extracting-firmware-from-iot-devices.html
jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
blog.rapid7.com/2019/02/20/iot-security-introduction-to-embedded-hardware-hacking/
I had to cut some corners to keep the video short and easy to understand. For example I skipped the part on finding the UART pins on the board with an oscilloscope or logic analyzer.
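The dump-and-extract part of the procedure, as an added shell script that is not from the video: it reads the SPI flash twice through the CH341A with flashrom, refuses to continue unless both reads are identical and not blank, records the image hash, and only then hands the image to binwalk. The file names, the RUN_DUMP switch and the 90-line layout are this example's own choices; `ch341a_spi`, `flashrom -r` and `binwalk -e` are the real tool names and flags.

```shell
#!/bin/sh
# Added example, not from the video: dump the router's SPI flash with flashrom
# through a CH341A programmer, read it twice to catch clip-contact glitches,
# and only hand a verified image to binwalk.
set -eu

PROGRAMMER="ch341a_spi"   # flashrom's programmer name for the CH341A board

# Read the whole chip into $1. Run with the router UNPOWERED and the clip
# seated on the SOIC-8 flash; flashrom auto-detects the chip or asks for -c.
dump_flash() {
    flashrom -p "$PROGRAMMER" -r "$1"
}

# Two reads must be byte-identical and non-empty before we trust the image.
dumps_match() {
    [ -s "$1" ] && [ -s "$2" ] && cmp -s "$1" "$2"
}

# A read that failed silently often comes back as all 0xFF (or all 0x00).
# Returns 0 (true) if at least one byte is something else.
looks_like_firmware() {
    od -An -v -tx1 "$1" | tr -s ' \n' '\n' | grep -qvE '^(ff|00)?$'
}

# Hash for your notes and for comparing against a vendor image later.
image_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

main() {
    dump_flash flash1.bin
    dump_flash flash2.bin
    dumps_match flash1.bin flash2.bin || { echo "reads differ: reseat the clip" >&2; exit 1; }
    looks_like_firmware flash1.bin || { echo "image is blank: check power/clip" >&2; exit 1; }
    echo "sha256 $(image_sha256 flash1.bin)"
    binwalk -e flash1.bin   # carves U-Boot, kernel and squashfs into _flash1.bin.extracted/
}

# The hardware steps only run when explicitly requested (RUN_DUMP=1 sh dump_spi.sh),
# so the helper functions can be sourced and checked without a programmer attached.
if [ "${RUN_DUMP:-0}" = 1 ]; then main; fi
```

Reading the chip twice is the cheapest defence against a clip that is only half-seated: flashrom will happily return a partially corrupted image, and binwalk will then fail in confusing ways (a squashfs that will not unpack, a kernel with a bad checksum) rather than telling you the dump was bad.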
If you have questions or comments, you can reach me via Twitter: mehdi0x61
Views: 60 819


Comments

  • @JakeBromie (8 days ago)

    my house almost burned down

  • @hypnos4754 (10 days ago)

    Great video. This is a process that I’ve never done myself, and I always wondered what it’s like. The explanation of the required tools (and why they’re needed) is really good as well.

  • @guyonadino (2 months ago)

    IS THIS ELECTROBOOM??? What's bro doing here

    • @MehdiHacks (2 months ago)

      Haha. My name is Mehdi and I sound like him, but I'm not ElectroBOOM

    • @guyonadino (2 months ago)

      @MehdiHacks but you're still sus!! And also keep uploading vids

  • @Dadadu16 (2 months ago)

    How do you identify which pin hole is for GND, RX, TX, when there's nothing written on the PCB?

    • @MehdiHacks (2 months ago)

      Usually ground is the easiest to identify (simply using a multimeter's continuity mode, with other known grounds). RX and TX can be identified using multiple methods: one is to simply try (there's no harm in using them in the wrong order), second is to use a logic analyzer to "see" what's happening on the wire. I think some UART tools also can auto-discover it. Usually one has lots of data/activity going on, while the other is simply quiet, which means even a voltmeter can be used to identify RX (using fluctuations in the voltage)

  • @barryu4762 (3 months ago)

    Hello, is it possible to flash firmware in UART mode?

  • @fjfkfkdkdkdk (3 months ago)

    Why not read the firmware via UART?

  • @Eptapus (4 months ago)

    It would be nice to have a video where you edit the firmware and you flash it back to the device!

  • @phantom700X (4 months ago)

    Thank you for the information. I have an LPC1778 and I tried to read it with Flash Magic, and I get the message "security violation in device". What can I do?! I want to get the firmware.

  • @brentself (6 months ago)

    Great information in this video. Louder audio would be great, as I struggled to hear everything when the volume was set to maximum value.

  • @vediam (8 months ago)

    Hello, I can say this is the most useful video I have watched. May God be pleased with you for preparing this video with such detailed and rich content. Thank you very, very much, well done.

  • @dzfinch5008 (8 months ago)

    Thank you

  • @parsbitex (9 months ago)

    It was so good, grateful for this tutorial

  • @anantoslab (10 months ago)

    Need more details video about this topic. You are great ❤. Love from Bangladesh.

  • @chachouamohamed8557 (11 months ago)

    Hello bro, can you help me with my TP-Link RE450 v3? It bricked... thanks for the video, bro

  • @bucketaos8066 (a year ago)

    I am unable to enter the shell; it keeps saying cmd is `echo "" > /etc/TZ`

  • @iss_lily (a year ago)

    SIMlock code of Huawei B5318-42

  • @parvazno (a year ago)

    Well done, engineer.

  • @alwill1016 (a year ago)

    Hey guys by any chance does anyone know how I can pipe all the output from the terminal into a txt file on Linux. I've tried tee, >, >>, and script and still have yet to get the terminal output into a txt file.

  • @johndavid8303 (a year ago)

    Hello, how to extract firmware from an MCU with built-in flash memory such as the Atmel ATSAMD21J?

  • @youtubbiz (a year ago)

    Is the Enter key on your keyboard still intact?

  • @soroush92 (a year ago)

    Thanks Mahdi jaan. Would you please upload more videos like this? Amazing bro.

  • @bobmcbob4399 (a year ago)

    13:29 "3: System Boot system code via Flash" - this is option 3 in the U-Boot boot menu. It is possible to send a different option via serial keyboard input - like boot to root shell. But this may not always be possible. But in this case, you get to a shell from the get-go.

  • @rjbrake (a year ago)

    derka derka

  • @eadge1999 (a year ago)

    You talk for a long time outside the core of the subject

  • @hackwithprogramming7849

    Is Python installed on that WiFi router terminal??? Please, anyone reply 🥺🥺🥺🥺🥺🥺🥺🥺🥺😭😭😭😭😭😭😭 please?

    • @MehdiHacks (a year ago)

      To my knowledge, no.

    • @hackwithprogramming7849 (a year ago)

      @MehdiHacks OK, then tell me one thing: which default programming language is there in that Linux shell? Like in Windows we have .VBS as default... except bash script

  • @parag9999mun (a year ago)

    It helped a lot. Thank you, man

  • @linux-tut (a year ago)

    Dump or Extract U-Boot from the running board. OR Dump memory to a file from the U-Boot console using the Memory Display command. This will be helpful in debugging in the situation like you have a board with U-Boot running and don't have the same version of U-Boot binary and want to test on another board. czcams.com/video/yDFMcBNGW3U/video.html

  • @tamiriiiii (a year ago)

    Using UART access, if the device has telnet but it is disabled, can we enable it?

  • @sebastianseng5278 (a year ago)

    What if I wanna save a project but I use the free trial? Can someone help?

  • @kattoOrSmthxD (a year ago)

    bro sounds like electrobooooooooooom

  • @oulachoulach4883 (a year ago)

    BROTHER, YOU ARE THE BEST!!! You oooh really helped me!! THANK YOU VERY

  • @Pinwiru (a year ago)

    Well, the TP-Link firmware can be downloaded without compiling

  • @abdullahnadeem1823 (a year ago)

    wow, this is the exact router I have. I'm actually surprised it works so well for such a cheap price

  • @bradkaral1188 (a year ago)

    Very well done. Clearly explained, step-by-step.

  • @bigbooduh (a year ago)

    Legend Mehdi! Thanks for this

  • @neettalk (a year ago)

    Hi, I used a 115200 baud rate for the UART, which is connected to the IP camera board, but as soon as I apply power, the PuTTY window displays garbage values. Need your inputs/suggestions.

    • @JordanPlayz158 (a year ago)

      Sounds like you may have the baud rate wrong, there are not many standard baud rates so it should not take too long to bruteforce the right one.

    • @ClickClack_Bam (7 months ago)

      @JordanPlayz158 I second this for anybody reading this for future reference. I'm new at this but have seen that the wrong baud rate will give you garbage.
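The baud-rate guessing the thread above describes, as an added example script that is not from the video or from the commenters. It assumes a Linux host, the adapter at /dev/ttyUSB0 (override with PORT), picocom installed, and a target that prints boot messages when powered on; the candidate list and the 90% printable threshold are this example's own choices. Wrong-baud output decodes as mostly non-ASCII bytes, so the script captures a few seconds at each rate and keeps the first one whose bytes are almost all printable text.

```shell
#!/bin/sh
# Added example, not from the video: when the console shows garbage at 115200,
# cycle through the common rates and keep the one whose output is mostly
# printable text. Assumes Linux, the adapter at /dev/ttyUSB0 and a target that
# prints boot messages on power-up (power-cycle it once per attempt).
set -eu

PORT="${PORT:-/dev/ttyUSB0}"
# Rates that router/IoT boot loaders actually use, most common first.
CANDIDATE_BAUDS="115200 57600 38400 19200 9600 230400 460800 921600"

# Percentage (0-100) of bytes in $1 that are printable ASCII, tab, CR or LF.
# Real console text scores near 100; wrong-baud noise scores far lower.
printable_percent() {
    total=$(wc -c < "$1" | tr -d ' ')
    [ "$total" -gt 0 ] || { echo 0; return; }
    good=$(tr -cd '\011\012\015\040-\176' < "$1" | wc -c | tr -d ' ')
    echo $(( good * 100 / total ))
}

# Capture $2 seconds of raw bytes from the port at rate $1 into file $3.
# raw: no echo, no CR/LF translation; cs8 -cstopb -parenb is the usual 8N1.
capture_at_baud() {
    stty -F "$PORT" "$1" raw -echo cs8 -cstopb -parenb
    timeout "$2" cat "$PORT" > "$3" || true   # timeout ending cat is expected
}

# Try every candidate; print the first rate whose capture is >= 90% printable.
find_baud() {
    for b in $CANDIDATE_BAUDS; do
        echo "trying $b: power-cycle the target now" >&2
        capture_at_baud "$b" 5 "/tmp/uart_$b.bin"
        if [ "$(printable_percent "/tmp/uart_$b.bin")" -ge 90 ]; then
            echo "$b"
            return 0
        fi
    done
    return 1
}

# The serial steps only run when requested (RUN_SCAN=1 sh find_baud.sh), so the
# scoring function can be checked without an adapter attached.
if [ "${RUN_SCAN:-0}" = 1 ]; then
    baud=$(find_baud) && echo "console looks sane at $baud" >&2 \
        && picocom -b "$baud" "$PORT"   # or: screen "$PORT" "$baud"
fi
```

If every rate scores badly, suspect the wiring rather than the rate: TX and RX swapped gives silence, not garbage, while a missing ground or a 5 V adapter on a 3.3 V target can produce noise at any speed.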

  • @bororobo3805 (a year ago)

    We found Electroboom's younger brother 🤣

  • @JorgeLuis-hy8im (a year ago)

    Does the PL2303 have the right voltage? I mean 3.3 V by default. I get confused about the right voltage; do you have another video about the voltage? If you test the PL2303 pins, what voltage do you get?

  • @squirre17 (2 years ago)

    Thank you very much😘. Looking forward to more practical hands-on work videos.

  • @TouChA0 (2 years ago)

    Can I change the IP address of this router using this method?

  • @abdoubenadada7310 (2 years ago)

    Can we extract the firmware of the TP-Link TD-W8961N v3?

  • @nachiketathakur697 (2 years ago)

    Great tutorial, thanks for sharing... just a question... I do not have the UART pins on the PCB. What options do I have?

    • @MehdiHacks (2 years ago)

      Finding them is not very difficult. Do you have any pin headers on the board at all?

    • @pipony8939 (2 years ago)

      I also don't have them. How do I know what connects to what? And the USB adapter I bought from Adafruit doesn't say which is which.

  • @qusaykambal6903 (2 years ago)

    Hi, how can I reverse engineer a dump of any EEPROM, for example s2943? I tried Ghidra but I am not getting anything.

  • @miftahulfaris4400 (2 years ago)

    Can the CH341 also be used for UART?

  • @amkoshesh6205 (2 years ago)

    Flash files of other modems: from which site should I get them? Free, safe files.

  • @user-oc1qh7pk1w (2 years ago)

    impressive from Republic of Korea.

  • @n.w.aicecube5713 (2 years ago)

    Very well explained

  • @shivamhw (2 years ago)

    Very nice, friend... great video,

  • @genkidama7385 (2 years ago)

    WTF is this? A hacking guide for laymen, why would a pleb want to do this? You have to name your video properly: "Hey guys, let me show you how I illegally hack stuff around, either for stealing data or perverting their use". Why would anyone without a background in electronics watch this video? You talk like there are preschoolers watching this video, where the core subject is pirating whatever electronic systems. I'm surprised you didn't explain what these two pink things moving with 5 fingers on each are, where blood flows inside and which also work on electricity at a biological level. Or why the wood desk has so many different shades of brown, that would be interesting to add next time. You know what I was searching for: legit UART analysis with an oscilloscope, not piracy incitement. And I don't know why this kind of content is allowed on public platforms.

  • @rohitdeswal1224 (2 years ago)

    Please make more videos